36
RESULTS


PART OF
Shmoocon
Hacker Conferences
Shmoocon 2007
movies
eye 88
favorite 0
comment 0
WiFi Security
Shmoocon 2007
by Michael Rash
movies
eye 79
favorite 0
comment 0
Most people think of iptables as a packet filtering and mangling firewall within the Linux kernel. Although this characterization is true, iptables also provides such a powerful set of features that it can assist in the detection and visualization of network-based attacks. Through the use of the Netfilter string match extension, packet application layer data can be examined and acted upon by iptables. The end result is that a significant percentage of Snort rules can be run directly within the...
Shmoocon 2007
movies
eye 70
favorite 0
comment 0
No Tech Hacking
Shmoocon 2007
movies
eye 57
favorite 0
comment 0
Information Security
Shmoocon 2007
movies
eye 53
favorite 0
comment 0
I argue that introducing entropy-based features to log and traffic analysis tools allows the admins to quickly notice otherwise hidden anomalies and organize the data in ways that best show off the overall structure and peculiarities of each input data set. Entropy and related information measures provide a way to describe the overall shape of data distributions in logs. This makes it easier to notice anomalous values, to cluster and summarize records for convenient browsing, and to notice...
Shmoocon 2007
movies
eye 45
favorite 0
comment 0
Welcome
Shmoocon 2007
by Chris Paget
movies
eye 45
favorite 0
comment 0
WPAD, the Web Proxy Automatic Discovery protocol, does exactly what the name says - finds web proxies on the LAN. Unfortunately, WPAD is based on a number of other protocols which are widely known to be insecure, ultimately leading to by-design pwnership of an entire corporate network with just two packets. This presentation is in two parts. First, I'll explore the WPAD protocol, explaining and demonstrating its weaknesses as I go along. The focus will be on IE (which has WPAD enabled by...
Shmoocon 2007
by John Maushammer
movies
eye 41
favorite 0
comment 0
I'll describe the reverse-engineering process of an embedded system in detail, using the Pure Digital Disposable cameras as specific examples. We'll start with finding out what you can learn from just looking at the hardware. After extracting the firmware from the memory chip, I'll show some simple tools I built to help understand the code. We'll get clues from the embedded operating system, and eventually find the security routines. I'll show some specific flaws found in the cameras, and then...
Shmoocon 2007
by Jesse Krembs and Nick Farr
movies
eye 39
favorite 0
comment 0
This is an "update" to talks THF has given at Defcon, Notacon, etc. ~ The Hacker Foundation supports research projects run by hackers, engages in hacker advocacy, and aims to connect hacker skills with those in our communities who need them most. Our talk will focus on: - WHY THF was founded (THF aims to be a resource to enable independent hackers to follow their passions and connect with their communities.) - WHAT THF does to help hacker projects raise money, seek grant funding and...
Shmoocon 2007
by G. Mark Hardy
movies
eye 37
favorite 0
comment 0
Take a trip back in time and discover what hacking was like in the pioneer days -- before the Internet, the PC, or even the Commodore 64 or TRS-80. The speaker started "exploring" computer systems in 1973, when the only law about hacking was the hacker ethic itself. Join a humorous reminiscence about what it was like building an Altair 8800, "discovering" the 2600 Hz tone, storing programs on punched cards, cracking bad crypto, and more. You'll find the people and...
Shmoocon 2007
by David Hulton
movies
eye 36
favorite 0
comment 0
This talk will cover some of the new advancements for OpenCiphers with newly added support for cracking WEP, WPA, and now Bluetooth and Mac OS-X! Since the WEP and WPA cracking has been talked about heavily at other conferences, this talk will focus on the aspects of Bluetooth PIN cracking and will release open source code for cracking Bluetooth PINs on your PC (at ~50k/sec) or using an FPGA (at ~10m/sec) and will demo a handful of FPGA cracking applications that OpenCiphers has to offer...
Shmoocon 2007
movies
eye 35
favorite 0
comment 0
There is no man page for the English language, but kids pick it up anyway (more or less). There is deep structure hidden inside every human generated language, especially those we intend to fuzz. I will discuss and demonstrate new, useful, and purty purty tools for rendering complex patterns automatically, potentially in realtime, and breaking things with it. New toys will be released, including a generic XML fuzzer (rawk!). Dan Kaminsky is the Director of Penetration Testing at IOActive, a...
Shmoocon 2007
by Ofir Arkin
movies
eye 34
favorite 0
comment 0
The threat of viruses, worms, information theft and lack of control of the IT infrastructure lead companies to implement security solutions to control the access to their internal IT networks. A new breed of software (Sygate, Vernier Networks, Microsoft, etc.) and hardware (Cisco) solutions from a variety of vendors has emerged recently. All are tasked with one goal: controlling the access to a network using different methods and solutions. This presentation will examine the different strategies...
Shmoocon 2007
by Deviant Ollam, Noid, and Thorn
movies
eye 32
favorite 0
comment 0
It seems that at every con nowadays there is at least one talk dedicated to physical security. Our servers and data can be encrypted and passworded with the latest algorithms, but that doesn't do the trick if someone marches them out the door when we're not looking. In the past, many physical security talks have focused on passive defense: locks that resist picking, safes which resist cracking, etc. However, sometimes an intrusion is detected while in progress... and such intrusions - even...
Shmoocon 2007
by Michael Schearer
movies
eye 31
favorite 0
comment 0
What in the world is a U.S. Navy officer (a Naval Flight Officer, no less) doing in the middle of Iraq? Electronic warfare, of course! The Church of Wifi presents an unclassified presentation of theprez98's experiences during his 9-month tour in Iraq. Embedded with Army units on the ground, theprez98 brought his expertise in electronic warfare to bear against the biggest threat to coalition forces - the improvised explosive device (IED). Drawing on his background as an EA-6B Electronic...
Shmoocon 2007
by Joel Bruno and Eric Smith
movies
eye 30
favorite 0
comment 0
Asterisk, the Open Source PBX, is highly regarded and heralded by masses of eggheads as the next killer DIY app. You've been to their presentations and have overheard their conversations at the bar: "Imagine having all the power of a large commercial PBX in your home. Asterisk gives you this power --- Multiple extensions, advanced call routing, separate voice mail boxes -- plus a lot more." This presentation will take a look at the potential business and home uses of Asterisk. We will...
Shmoocon 2007
by Eoin Miller and Adair Collins
movies
eye 29
favorite 0
comment 0
Our presentation will be on auditing cached Windows credentials using a combination of the cachedump tool and a custom Visual Basic script. The default behavior of Microsoft Windows domain members is to cache the last 10 different login credentials in the registry. One of the easiest ways to obtain Domain Administrator privilege on a Windows Domain is to compromise a desktop, laptop or member server and use the cachedump tool to reveal the cached domain credentials. The attacker will then...
Shmoocon 2007
by Billy Hoffman
movies
eye 24
favorite 0
comment 0
Aren't Cross Site Scripting vulnerabilities lame? All they can do is display annoying popups that say 'xss' in them. Oh, and hijack your HTTP sessions... and detect every website you have visited... and port scan and fingerprint your internal network... and reconfigure your routers... and brute force usernames and passwords... and capture all the words you search Google for. And I almost forgot, they can self propagate too. Wait, maybe XSS isn't so lame after all. This presentation will examine...
Shmoocon 2007
movies
eye 23
favorite 0
comment 0
10 Cool Things You Didn't Know About Your Hard Drive
Shmoocon 2007
by Sean Coyne, Ivan Krstic, Jason Scott, Scott Roberts
movies
eye 22
favorite 0
comment 0
The Children's Machine, also known as the XO-1 and previously as the $100 Laptop, is a low-cost, power-efficient and durable machine developed by faculty members of the MIT Media Lab at the One Laptop per Child non-profit organization (OLPC). The laptop's purpose is to redefine learning for children in developing countries, particularly those living in the most remote areas and in the poorest of countries, by providing them with access to knowledge and modern forms of education. The laptops...
Shmoocon 2007
by Simple Nomad
movies
eye 20
favorite 0
comment 0
This is a talk about numerous little projects that have been worked on that are not long enough or perhaps even interesting enough for a full talk, but strung together should be interesting. Topics covered will include firewall detection, IPS fingerprinting, spam, Dish Network DVR hacking, an update from last year's ShmooCon talk "Hacking the Friendly Skies" and a few other tidbits. Imagine a Dan Kaminsky talk except a lot more ghetto given by an old guy. Get off my lawn! Simple Nomad...
Shmoocon 2007
movies
eye 20
favorite 0
comment 0
Becoming Jack Flash
Shmoocon 2007
by Rodney Thayer, Jon Callas and Ben Laurie
movies
eye 20
favorite 0
comment 0
Three grumpy old Shmoo Crypto gurus discuss the state of cryptography on the Internet today. This will be an open discussion (come armed with questions!) on current cryptography issues. We'll discuss what the current threats are, what kinds of lame crypto implementations are being delivered by vendors, unsafe crypto practices in common use, and what we think of emerging crypto technologies such as EV certs, EC cryptography, and any recent interesting crypto vulnerabilities. Rodney Thayer is an...
Shmoocon 2007
by Ryan Clarke
movies
eye 20
favorite 0
comment 0
We are taught as children to 'fear' electronics - that is, if it is electronic it must be expensive, fragile, and you shouldn't touch/play with it. Hardware is actually quite easy to get involved with. With a fundamental knowledge set and a curious mind, it is simple to begin building basic electronic devices. This presentation will be structured to give a glimpse into how easy it can be to build cool projects, and be the 'shove' many need to get going. Not quite as much a 'how-to' as a 'where to...
Shmoocon 2007
movies
eye 19
favorite 0
comment 0
For years, PC software has been poked, prodded, and scrutinized for security bugs. As a result, desktop based software is slowly becoming more secure. Unfortunately, Windows Mobile (AKA Pocket PC or Windows CE) software has avoided this same level of scrutiny...until now. This talk will expose Windows Mobile software for what it is - a bunch of buggy and insecure code. In the time allotted, we will look at several different programs (or genres of programs) and demonstrate why Pocket PC security...
Shmoocon 2007
by Adam Laurie
movies
eye 18
favorite 0
comment 0
RFID is being embedded in everything... From Passports to Pants. Door Keys to Credit Cards. Mobile Phones to Trash Cans. Pets to People even! For some reason these devices have become the solution to every new problem, and we can't seem to get enough of them.... This talk will look at the underlying technology, what it's being used for, how it works and why it's sometimes a BadIdea(tm) to rely on it for secure applications, and, more worryingly, how this off-the-shelf technology can be used...
Shmoocon 2007
by Raven
movies
eye 17
favorite 0
comment 0
While bugs continue to be found in backbone gear on a fairly regular basis, there has been little attention given to protocol fuzzing research on routing and switching infrastructure gear. Given that so many backbone bugs are Denial-of-Service related, this seems a strange omission. Basic errors such as "router catches wrong protocol version number, chokes, dies" are still being found and reported -- these types of errors should be quickly found by an intelligent fuzzer. This talk will...
Shmoocon 2007
by Adam Shostack
movies
eye 17
favorite 0
comment 0
Since California's SB 1386 came into effect, we have recorded public notice of over 500 security breaches. There is a new legal and moral norm emerging: breaches should be disclosed. This is the most significant event in information security since Aleph1 published "Smashing the Stack for Fun and Profit," and brought stack-smashing to the masses. The reason that breaches are so important is that they provide us with an objective and hard to manipulate data set which we can use to...
Shmoocon 2007
by Renderman, Al Potter, and Russ Housley
movies
eye 17
favorite 0
comment 0
This panel discussion is intended to recreate and expand on a conversation originally between RenderMan and Al Potter, which occurred during The Summit, the 2006 EFF fundraiser at DEFCON 14 (2006). Render, a frequent critic of the fruit of standards body efforts (think IEEE 802.11 et al) and Al, a former member of the IEEE 802.11i working group and an occasional IETF visitor, had a frank and honest discussion centering on what motivates folks (positively and otherwise) in standards bodies, what...
Shmoocon 2007
movies
eye 15
favorite 0
comment 0
Wireless (and Wired) Networks At Security Cons
Shmoocon 2007
movies
eye 14
favorite 0
comment 0
Next Generation Wireless Recon
Shmoocon 2007
by The Shmoo Group
movies
eye 13
favorite 0
comment 0
ShmooCon Labs was a ShmooCon first and as far as we know a security conference first. We invited vendors, 30 attendees, and ShmooCon network geeks to come and spend a day and a half building the conference wired and wireless network with all sorts of security geek goodness. Including NAC, VA, WIDS, IPS, and other bad words we can't spell out here, we attempted to do it all in 30 hours to provide you access to your precious wireless 1s and 0s. Ken Caruso will start the BOF with a quick recap of...
Shmoocon 2007
by The Shmoo Group
movies
eye 12
favorite 0
comment 0
In keeping with tradition, we'll break down this year's conference. We'll talk basics, budget, bad decisions and bold moves. If there's time we'll move on to things that start with C (Can you believe we did this a third time) and D (Do we dare try to do it again in 2008). Your input is important and worth ducking a ShmooBall or two, so stop in and let us know what you think. The Shmoo Group is a non-profit think-tank comprised of security professionals from around the world who donate their free...
Shmoocon 2007
movies
eye 10
favorite 0
comment 0
As security professionals and hobbyists, we like to test and break software. For most software, we can satisfy our curiosity by installing it on our own machine and attacking it in a variety of manners. Unfortunately, this is not possible for most Web applications which can only be accessed on someone else's system. Further, security of these Web applications is important because they are used to conduct a variety of critical functions. So how can we satisfy our curiosity without attacking...
Shmoocon 2007
movies
eye 10
favorite 0
comment 0
Clig Everest Ohio Voting
Shmoocon 2007
movies
eye 6
favorite 0
comment 0
There have been many panels and discussions on Vulnerability Disclosure at the major security conferences recently. I think that there's room for one more, but this one will be a bit different. For one, it will have ShmooBalls. For another, and equally important, it will feature a panel moderator (myself) who is the only person in the security industry actually qualified to be objective in all this. It was the fall of 2004. I was a Senior Security Architect at @stake when I found myself...